Somehow this code was injected (closing tag was adjusted by me just in case). The file was adjusted on 22-01-2010. So I am worried that the hacker was somehow able to overwrite the theme's footer file and maybe more.
Does anybody know what the script does?
Furthermore, I found three hidden links. I will remove them all and do all necessary updates, as well as do a check of all other files and the database. I hope it is all not too severe...

It seems to be a hack that happened last year on the old server that got compromised. FTP pw has been adjusted now. Found a newly created folder @ /media/year/month/day/%e3%82%b9%e3%83%86%e3%83%bc%e3%82%b8%e3%83%9e%e3%83%9e/ . Will remove that one as soon as possible as well.

A lot is clear already. I just wonder why this blog has a Media upload field above the post WYSIWYG TinyMCE editor instead of only showing it when clicking on a media upload icon to show the media pop-up box. I think the media upload field above the post is connected to /media/, which is in the root and contains many images. Maybe that was the old WP media location? Or maybe one used by a plugin?